[LTS 8.6] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm #78
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gvrose8192
approved these changes
Jan 17, 2025
There was a problem hiding this comment.
Looks similar to the previous fix in this series for CVE-2022-42896 - Thanks!
Right, this CVE became basically an exercise in Rocky testing, which turned out to be much more involved than one could have thought. I'm experimenting with different approaches and trying to find a way to automate it, manual logs diffing is just horrible, not to even mention the indeterministic results... |
jira VULN-204 cve CVE-2022-42896 commit-author Luiz Augusto von Dentz <[email protected]> commit f937b75 l2cap_global_chan_by_psm shall not return fixed channels as they are not meant to be connected by (S)PSM. Signed-off-by: Luiz Augusto von Dentz <[email protected]> Reviewed-by: Tedd Ho-Jeong An <[email protected]> (cherry picked from commit f937b75) Signed-off-by: Marcin Wcisło <[email protected]>
pvts-mat
force-pushed
the
ciqlts8_6-CVE-2022-42896
branch
from
91cb5aa to
89fc648
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CVE-2022-42896
VULN-204
Solution
The bug fix in the mainline is provided1 in two commits:
f937b758a188d6fd328a81367087eddbb2fce50f711f8c3fb3db61897080468586b970c87c61d9e4Of these the
711f8c3is already applied onciqlts8_6(commit8b3cab2c7776120fdd10fc27fb983f706b32808a).(Same situation as in #41)
Build
Kernel built on virtual machine instantiated on physical Rocky 9 machine with
from the https://gitlab.conclusive.pl/devices/rocky-patching project. Installed on a testing machine created with
Logs: build.log
kABI check: passed
kABI check ran on the build machine with
for the
/mnt/code/kernel-dist-gitrepo in the state ofcommit hash
9cb8f01815976c24b697b25ddc56b4695747de9b.Boot test: passed
boot-test.log
Kselftests: passed relative
Kselftests were split into two parts:
kernel-selftests-internalpackage (for ease of use and stability of the tests) andThe set of tests covered by each method do not overlap. The chosen policy was "if a test exists in
kernel-selftests-internalthen use this implementation, otherwise use source-compiled one". This should provide best possible tests stability and coverage.Packaged tests
Tests set covered
bpflivepatchnetnet/forwardingnet/mptcpnetfiltertc-testingPackgae
The package is not available in repositories for Rocky 8.6 and before the latest commit
6c475c05370eb88e87cfe3df4463ef461483e908successful rpm build was impossible due to a bug in clang. The rpm package was custom built usingkernel-dist-gitproject (9cb8f01815976c24b697b25ddc56b4695747de9b) with kernel source fromciqlts8_6(6c475c05370eb88e87cfe3df4463ef461483e908) and made available at https://gitlab.conclusive.pl/devices/rocky-patching/-/blob/master/kernel-selftests-internal-4.18.0-372.32.1.el8.0.7.x86_64.rpm?ref_type=headsTests results
Patched kernel
kselftests–rpm–ciqlts8_6-CVE-2022-42896.zip
Flat text file form:
kselftests–rpm–ciqlts8_6-CVE-2022-42896.log
Reference kernel
6c475c05370eb88e87cfe3df4463ef461483e908kselftests–rpm–ciqlts8_6.zip
Flat text file form:
kselftests–rpm–ciqlts8_6.log
Summary
The patched and reference tests results are identical
Source-compiled tests
Tests set covered
androidbreakpointscapabilitiescorecpu-hotplugcpufreqefivarfsexecfilesystemsfirmwarefpufutexintel_pstateipckcmpkvmlibmembarriermemory-hotplugmountnsfsprocpstoreptracertcsgxsigaltstacksizesplicestatic_keyssyncsysctltimenstimerstpm2uservmx86zramTests results
Patched kernel
kselftests–kernel-src–ciqlts8_6-CVE-2022-42896.log
Reference kernel
6c475c05370eb88e87cfe3df4463ef461483e908kselftests–kernel-src–ciqlts8_6.log
Summary
The only status difference between patch and reference is for the
ipc:msgquetest. This test was found to be "flappy" (along withnetfilter:nft_flowtable.shandnet:xfrm_policy.sh) in the course of 4 different runs on the same reference kernel. See column https://docs.google.com/spreadsheets/d/1tUwJ2rV57cYZXh7momPtraSjZcHDjMYHLeHA3DYWrUU/edit?gid=0#gid=0&range=C:C for the summary of tests behavior for Rocky 8.6 found so far.Additional tests: none
Following the guidelines from the precedent #41.
Footnotes
1 GHSA-pf87-6c9q-jvm4